Vulnerability Management

Vulnerable IoT systems exposed by MITRE advisory

More than a dozen vulnerable internet of things devices have been accidentally exposed by a MITRE security flaw advisory since April, BleepingComputer reports. An anonymous tipper discovered that the "references" section of the MITRE-published CVE included numerous links to vulnerable systems. Clicking one of these links would redirect potential threat actors to a remote administration dashboard of insecure IP cameras and video devices, which could lead to exploitation.

MITRE said that such links have been included in the past, a practice that security experts have denounced. "It's disrespectful to the affected parties to list live vulnerable instances within a CVE entry. The parties involved in the creation of CVE entries should know better. Somewhat surprisingly, according to the GitHub repo for CVE-2022-25584, the author was MITRE themselves," said CERT Coordination Center Vulnerability Analyst Will Dormann.

BleepingComputer later discovered that the reference links had already been removed, although such information may have already been made available in third-party sources.
